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Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
eamed patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )^ Responsive to communication(s) filed on 07 January 2008 . 
2a )^ This action is FINAL. 2b)n This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Clalm(s) 9-28 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) \Z\ Claim(s) is/are allowed. 

6) |EI Claim(s) 9-28 is/are rejected. 
/)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)^ accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held In abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 

This action is in response to tine communication filed on 1/7/08. 

All objections and rejections not set forth below have been withdrawn. 

Claims 1 - 8 are cancelled. 
Claims 9-28 are pending. 



Election/Restrictions 

Claims 1 - 8 are withdrawn from further consideration pursuant to 37 CFR 
1 .142(b) as being drawn to a nonelected invention, there being no allowable generic or 
linking claim. Election was made without traverse in the reply filed on 1/7/08. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 

States. 

Claims 9-28 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Anderson et al. (Anderson), "Protected EAP Protocol (PEAP)". 
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Regarding claim 9, Anderson discloses: 

an act of receiving a first sen/er request tliat includes at least a first indication of 
ttie auttientication mechanisms deployed at the server computing system (pg. 7, par. 2 
- furthermore noted, Anderson discloses sending an EAP request packet. An EAR 
packet indicates the deployment of various types [at least 4 and optionally more] of 
authentication methods [i.e. MD5 challenge, OTP, generic token card] - as this is the 
requirement of EAP implementations); 

an act of sending a first response that includes at least a second indication of the 
authentication mechanisms deployed at both the client computing system and the 
authentication mechanisms deployed at the sen/er computing system (pg. 7, par. 3, 4 - 
furthermore noted, Anderson discloses sending an EAP response packet. An EAP 
packet indicates the deployment of various types [at least 4 and optionally more] of 
authentication methods [i.e. MD5 challenge, OTP, generic token card] - as this is the 
requirement of EAP implementations); 

an act of identifying a tunnel key that can be used to encrypt content transferred 
between the client computing system and server computing system (pg. 6, sect. 2, "part 
1"); 

an act of receiving a second server request that includes encrypted 
authentication content, the encrypted authentication content being encrypted with the 
tunnel key {pg. 10, sect. 2.2, par. 2, 3); 



Application/Control Number: 10/804,591 Page 4 

Art Unit: 2137 

an act of decrypting the encrypted authentication content with the tunnel key to 
reveal unencrypted authentication content, the unencrypted authentication content 
indicating a mutually deployed authentication mechanism (pg. 10, sect. 2.2, par. 1 - 
herein a tunnel key is used so that senders and receivers may encrypt and decrypt 

communications); 

and an act of sending a second response, the second response including 
encrypted response data that is responsive to the unencrypted authentication content, 
the encrypted response data for authenticating with the server computing system 
according to the mutually deployed authentication mechanism (pg. 10, sect. 2.2, par. 3; 
sect. 2.3). 

Regarding claim 10, Anderson discloses: 

wherein the first server request includes the authentication mechanisms 
deployed at the server computing system, a previous packet ID and a Nonce (pg. 7, par. 
5, 7; pg. 1 0, sect. 2.2, par. 1 ; pg. 11, sect. 2.3 - Herein disclosed are communications 
comprising EAP packets - thus 'previous packet ID' [an identifier matching previous 
requests and reflecting previous responses that may have been lost] - also see pg. 18, 
20; pg.15,"[in. 

Regarding claim 1 1 , Anderson discloses: 

wherein the authentication mechanisms deployed at the server computing 
system include one more authentication mechanisms selected from among MS-CHAP 
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\/2, Authentication with MD5, Authentication with Generic Token Card, Authentication 
with Kerberos, Authentication with X.509, and Authentication with WS-Security (pg. 3, 
par. 1; fig. 1 - herein, Anderson discloses EAP capable servers and clients). 

Regarding claim 12, Anderson discloses: 

wherein the authentication mechanisms deployed at the client computing system 
include one more authentication mechanisms selected from among MS-CHAP v2, 
Authentication with MD5, Authentication with Generic Token Card, Authentication with 
Kerberos, Authentication with X.509, and Authentication with WS-Security {pg. 3, par. 1; 
fig. 1 - herein, Anderson discloses EAP capable servers and clients). 

Regarding claim 13, Anderson discloses: 

wherein the first response includes the authentication mechanisms deployed at 
the client computing system, a previous packet ID, a nonce, one or more security 
associations, and one or more public keys (pg. 7, par. 4; pg. 9, par. 3). 

Regarding claim 14, Anderson discloses: 

wherein the act of identifying a tunnel key comprises deriving a tunnel key based 
on a shared secret, a client side nonce, and a server side nonce (pg. 6, sect. 2; pg. 1 5, 
"[1]" - herein Anderson discloses negotiating TLS sessions, thus the negotiation of a key 
using client and server nonces according to TLS). 
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Regarding claim 15, Anderson discloses: 

wherein the act of receiving a second server request comprises receiving 
encrypted authentication content corresponding to an authentication method selected 
from among: negotiating an authentication method, re-authenticating, boot-strapping a 
client with an existing user-name and password, boot-strapping a client with an X.509 
certificate, authenticating with an X.509 certificate, and boot-strapping a new client with 
a Kerberos token (pg. 10, sect. 2.2, par. 3 - herein disclosed is negotiation of an 
authentication method). 

Regarding claim 16, Anderson discloses: 

wherein the second server request includes encrypted authentication content, a 
previous packet ID, a security association, and a public key (pg. 1 0, sect. 2.2, par. 2, 3). 

Regarding claim 17, Anderson discloses: 

wherein the act of sending a second response includes sending encrypted 
responsive data for an authentication method selected from among: negotiating an 

authentication method, re-authenticating, boot-strapping a client with an existing user- 
name and password, boot strapping a client with an X.509 certificate, authenticating 
with an X.509 certificate, and boot-strapping a new client with a Kerberos token (pg. 11, 
sect. 2.3, "version negotiation"). 



Regarding claim 18, Anderson discloses: 
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wherein the second response includes encrypted responsive data and a previous 
pacl<et ID (pg. 1 0, sect. 2.2, par. 1 ; pg. 1 1 , sect. 2.3 - Herein is disclosed the encryption 
of communications, wherein the communications comprise EAP packets - thus 'previous 
packet ID' [an identifier matching previous requests and reflecting previous responses 
that may have been lost] according to the EAP protocol. 

Regarding claims 19-28, they essentially correspond to claims 9-18, and they 
are rejected, at least, for the same reasons. 

Response to Arguments 

Applicant's arguments with respect to claim 9-28 have been considered but are 
moot in view of the new ground(s) of rejection. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See Notice of References Cited. 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
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§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffery Williams whose telephone number is (571) 272- 
7965. The examiner can normally be reached on 8:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571 ) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is (703) 
872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



J. Williams 
AU:2137 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2137 



